(54) Secure access to a subscription module

(57) A method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of establishing a communications link between the client communications device and the server communications device; and communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link. The method further comprises the step of providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.

Description

[0001] This invention relates to a method of providing to a client communications device access to a subscription module of a server communications device. More particularly, this invention relates to a method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of establishing a communications link between the client communications device and the server communications device; and communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link.
[0002] In many wireless communications systems, such as GSM, UMTS, GPRS, etc., communications devices are equipped with a subscription module, such as a SIM card, a USIM card, or the like. When a subscriber requests a communication service it is determined, via said subscription module, whether the subscriber is qualified to receive communication services from that system. For this purpose, a subscriber identity is assigned to a device in a wireless communications system which uses a subscriber identity media. In order to get access to the communications services, the communications device needs to have access to security sensitive information which is unique to the subscription and which is stored in the subscription module.
[0003] Similarly, other types of authentication or security services, such as WLAN access at hotspots, desktop login or web authentication, may be based on a subscription module, possibly in combination with GSM/UMTS related services.
[0004] In the context of the Global System for Mobile Communications (GSM), subscription is based on a SIM (subscriber identity module) card, i.e. the subscription module is implemented as a SIM card attached to a mobile device. The SIM card includes a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory), a processor unit and an interface to the communications device. The memory of the SIM provides storage of the subscriber identity which is the International Mobile Subscriber Identity (IMSI) in a GSM network. Except for emergency calls, the device can only be operated if a valid SIM is present. The SIM supports a security function for verification of the user of the device and for authentication of the user to the GSM network. The SIM further comprises information elements for GSM network operations, e.g. related to the mobile subscriber or GSM services.

[0005] In the above described context, if a user would like to use a SIM card, i.e. a single subscription, to connect to a wireless communications network from several different personal mobile devices, he or she needs to manually remove the SIM card from one device and put it into another device. In order to avoid this inconvenient operation it is advantageous if the wireless communication system allows more than one communications device to share the same subscriber identity without having to pay for more than one subscription.

[0006] Similarly, if the user would like to utilise a general purpose subscription module like the SIM or USIM card for authentication or security services other than GSM/UMTS, for example WLAN access, the subscription module must be manually removed from one device and inserted into the device that is the end-point for that other authentication process.
[0007] The emerging short-range wireless technologies, such as Bluetooth and wireless LAN, which enable relatively high speed short range connections, have made it possible to simplify the tedious procedure described above.

[0008] The international application WO 99/59360 discloses an arrangement for communicating SIM related data in a wireless communications system between a wireless communications device and a subscriber identity device including a subscriber identity unit with a SIM card. The wireless communications device and the subscriber identity device are separated from each other, but may communicate with each other via a local wireless communications link within a radio frequency range. SIM related data is communicated over the local wireless communications link. Hence the above prior art system allows a simplified sharing of a subscription module by several communications devices. Instead of moving the SIM card between different mobile devices, direct wireless access to the SIM card over an air interface is realised. In the above prior art, the local wireless communications link is encrypted in order to establish a secure wireless communications link that hinders third party interception of sensitive information.

[0009] The Bluetooth pairing mechanism produces a shared secret, the so-called link key, between two Bluetooth devices (see "Baseband Specification" in "Specification of the Bluetooth System, Core, Version 1.1", Bluetooth Special Interest Group, February 2001). The link key is derived from a PIN that is entered by the user of the devices. The link key is subsequently used to protect the Bluetooth communication. However, since the remote access to a subscription module is particularly security sensitive, there is a need for increased security, i.e. an improved protection of the subscription module against unauthorised access to the sensitive subscription information and services on the module.
[0010] Furthermore, the IEEE 802.11 standard offers secure communications services such as authentication and encryption via a wired equivalence privacy mechanism (see "IEEE Std 802.11 - 1999 Edition IEEE - Part 11: Wireless LAN Medium Access Control and physical layer specifications"). However, this mechanism is known to have security weaknesses.

[0011] Hence, the above prior art systems involve the problem that the communication between the server and client communications device may be intercepted and an established communications link may be taken over by a dishonest user who may misuse the gained access to the subscription module.
[0012] Furthermore, if the local wireless communications link is a link to a local wireless network, such as a Bluetooth piconet, the link between the client device and the server device may comprise several wireless connections involving intermediate devices, thereby causing the security of the communications link to be difficult to control, even though the individual communications links may be encrypted. Hence, there is a risk of unauthorised interception and use of sensitive data related to the subscription module.

[0013] Hence, it is an object of the present invention to provide increased security for remote access of a subscription module.

[0014] The above and other problems are solved when a method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of

establishing a communications link between the client communications device and the server communications device; and

communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link

is characterised in that

the method further comprises the step of providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
[0015] Consequently, according to the invention an improved security is achieved by authenticating the individual messages sent between the client and server communications devices. Hence, it is ensured that the communicated messages are sent by a legitimate device and that they have not been altered during transmission over the air interface, thereby providing improved security against a dishonest user's attempt to take over a once authenticated communication channel between the devices.

[0016] In particular, it is an advantage of the invention that it provides protection of the interface between the client and server communications devices against active wiretapper attacks.

[0017] It is a further advantage of the invention that it does not require a trust relation between the subscription module and the client communications device.
[0018] Here, the term integrity protection comprises any method of assuring that information sent from an originating source is not accidentally or maliciously altered or destroyed during communication from the source to the receiver.

[0019] In a preferred embodiment of the invention, the step of providing integrity protection further comprises calculating, based on a secret session key, a respective message authentication code for each of the communicated messages; and including the calculated message authentication code into the corresponding communicated message.

[0020] Hence, by using a message authentication code (MAC), i.e. a keyed hashing algorithm that uses a symmetric session key, an increased security is achieved by providing integrity protection for each individual message. When using this type of algorithm, the sending application computes a hash function using a secret session key, and the receiving application needs to possess the same key to re-compute the hash value and, thus, to be able to verify that the transmitted data has not changed.

[0021] In a preferred embodiment of the invention, the step of establishing a communications link between the client and server communications devices comprises determining a secret session key based on a shared secret between the server and client communications devices. Hence, by refreshing the secret hashing key at each new session, replay attacks are avoided, i.e. attempts by a dishonest user to repeat a previously intercepted message.
[0022] Here, the term shared secret comprises any suitable secret data item, e.g. a secret key, a bit string, or the like, known to the server and the client communications devices that is suitable as an input for a cryptographic algorithm, such as a hash function, a MAC algorithm, a pseudo-random function, or the like.

[0023] In a further preferred embodiment of the invention, the method further comprises providing the shared secret by performing a secure pairing procedure including receiving a passcode by at least one of the client communications device and the server communications device. Hence, a user friendly security mechanism is provided which does not demand any more user interaction than is already required when, for example, pairing two Bluetooth devices.
[0024] Depending on the method employed, a user may have to enter the passcode in both devices or in one device, e.g. by displaying a PIN code on one of the devices and requesting the user to enter the PIN in the corresponding other device.
[0025] Furthermore, if the required passcode is short, i.e. less than 7 digits or letters, the time-consuming task of entering a long passcode is reduced and the possibility of entering an erroneous passcode is reduced. High security may still be achieved by utilising high-security PIN methods such as the one described in C. Gehrmann and K. Nyberg, "Enhancements to the Bluetooth baseband security", Proceedings of the NordSec Conference 2001, Nov. 1-2, 2001, DTU Denmark.
[0026] In another preferred embodiment, the communications link has a secret link key related to it and the method further comprises providing the shared secret by calculating the shared secret using the secret link key as an input.
[0027] Hence, existing pairing mechanisms for the set-up of the communications link between the server and client devices may be utilised to enhance the security of the remote access to the subscription module. For example, in connection with a Bluetooth communication, the Bluetooth link key may be utilised to derive the shared secret for integrity protection. Hence, no additional interaction is required for achieving the additional security.

[0028] In yet another preferred embodiment of the invention, the method further comprises

incorporating a value of a first counter in each of the messages communicated from the client communications device to the server communications device, the first counter being indicative of the number of messages communicated from the client communications device to the server communications device; and

incorporating a value of a second counter in each of the messages communicated from the server communications device to the client communications device, the second counter being indicative of the number of messages communicated from the server communications device to the client communications device;

and the step of calculating a respective message authentication code for each of the communicated messages comprises calculating a message authentication code for each of the communicated messages and the corresponding counter value.
[0029] Hence, by providing respective counters for the messages communicated to and from the server communications device, the security of the communication is further increased. For example, a dishonest user who may have intercepted a previous message including a request for sensitive information, may attempt to simply repeat this request, in order to receive the information as a reply. However, by providing a message counter, the repeated message will be identified as out of sequence by the server and can, thus, be discarded.
[0030] In the above prior art systems, once the client 
communications device is authenticated, it may access 
any function in the subscription module via the messag- 
es sent over the air interface, thereby creating a poten- 
tial security risk of unauthorised access. 
[0031] In a preferred embodiment of the invention, the method further comprises determining, for the messages communicated from the client communications device to the server communications device, whether the message is authorised to address the subscription module. Hence, a filter mechanism is provided in the server communications device which allows a selective access control and a mechanism to restrict or limit access to the subscription module, thereby increasing the security of the subscription module access.
[0032] Preferably, the method further comprises providing a shared secret between the client communications device and the server communications device; and providing an access control list stored in the server communications device in relation to at least one of the shared secret and the client communications device, thereby providing a mechanism for storing individual access control lists for different client communications devices in a safe manner. A protected database may, for example, be implemented by storing the data on a special circuit, by providing software-based protection, such as encryption, authentication, etc., or a combination thereof.
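
The following Python sketch is an added example, not part of the patent text. It combines the mechanisms of paragraphs [0019] to [0021], [0028] to [0029] and [0031] to [0032]: a per-session MAC key derived from the shared secret, a message counter covered by the MAC, and a per-client access control list applied only to authenticated messages. Assumptions: HMAC-SHA256 as the MAC and key derivation function, a nonce exchanged at link set-up, a direction byte in the header, and the command names and client identifiers, which are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32        # length of an HMAC-SHA256 tag
HEADER_LEN = 1 + 8  # direction byte + 64-bit message counter

# Constructed access control list: client id -> commands it may address.
# Command names are hypothetical, not taken from the patent.
ACL = {
    "laptop": {"READ_IMSI", "RUN_GSM_ALGORITHM"},
    "headset": {"READ_PHONEBOOK"},
}


class IntegrityError(Exception):
    """Raised when a frame fails MAC or sequence verification."""


def derive_session_key(shared_secret: bytes, nonce: bytes) -> bytes:
    # Assumption: a fresh nonce per session, mixed in with HMAC-SHA256,
    # so that frames recorded in an old session fail in a new one.
    return hmac.new(shared_secret, b"session-key" + nonce, hashlib.sha256).digest()


def protect(key: bytes, direction: bytes, counter: int, payload: bytes) -> bytes:
    # The MAC covers direction, counter and payload. The direction byte is
    # an added assumption that keeps the two counters' frames distinct.
    header = direction + struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies frames of one direction and enforces the counter sequence."""

    def __init__(self, key: bytes, direction: bytes):
        self.key = key
        self.direction = direction
        self.expected = 0

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < HEADER_LEN + MAC_LEN:
            raise IntegrityError("short frame")
        header = frame[:HEADER_LEN]
        payload = frame[HEADER_LEN:-MAC_LEN]
        tag = frame[-MAC_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            raise IntegrityError("bad MAC")
        if header[:1] != self.direction:
            raise IntegrityError("wrong direction")
        (counter,) = struct.unpack(">Q", header[1:])
        if counter != self.expected:
            raise IntegrityError("out of sequence")
        self.expected += 1
        return payload


class ServerSession:
    """Server side of one session: integrity check first, then the filter."""

    def __init__(self, client_id: str, shared_secret: bytes, nonce: bytes):
        self.allowed = ACL.get(client_id, set())
        self.rx = Receiver(derive_session_key(shared_secret, nonce), b"C")

    def handle(self, frame: bytes) -> str:
        try:
            payload = self.rx.accept(frame)
        except IntegrityError as exc:
            return f"discarded: {exc}"
        if payload.decode("utf-8", errors="replace") not in self.allowed:
            return "rejected: not authorised"
        return "forwarded"


def demo() -> list:
    secret = b"constructed shared secret"  # constructed sample values
    nonce = b"\x01" * 16
    key = derive_session_key(secret, nonce)
    server = ServerSession("headset", secret, nonce)
    m0 = protect(key, b"C", 0, b"READ_PHONEBOOK")
    m1 = protect(key, b"C", 1, b"RUN_GSM_ALGORITHM")
    tampered = bytearray(protect(key, b"C", 2, b"READ_PHONEBOOK"))
    tampered[10] ^= 0x01  # flip one payload bit in transit
    next_session = ServerSession("headset", secret, b"\x02" * 16)
    return [
        server.handle(m0),               # authentic, in sequence, allowed
        server.handle(m0),               # same frame repeated
        server.handle(m1),               # authentic but outside the ACL
        server.handle(bytes(tampered)),  # altered in transit
        next_session.handle(m0),         # old frame against a new session key
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The counter advances only after the MAC verifies, so a forged or altered frame cannot desynchronise the two sides.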

[0033] The communications link may be an electric link or a wireless communications link, such as an electro-magnetic, magnetic or inductive link. Examples of electro-magnetic links include radio-frequency links, optical links, infrared links, microwave links, ultrasound links, or the like. For example, the communications link may be a radio link according to the Bluetooth standard, i.e. a short-range wireless technology that enables different units to communicate with relatively high speed. Bluetooth as well as other short-range wireless technologies make it possible to set up fast connections between different personal computing devices like a mobile phone, a Personal Digital Assistant (PDA), etc.
[0034] When the communications link is a wireless 
communications link, a fast way of establishing a com- 
munications link is provided without the need of a phys- 
ical or electrical connection between the devices. 

[0035] The term communications device comprises any electronic equipment including communications means adapted to establish a communications link as described above, or part of such electronic equipment. The term electronic equipment includes computers, such as stationary and portable PCs, stationary and portable radio communications equipment, etc. The term portable radio communications equipment includes mobile radio devices such as mobile telephones, pagers, communicators, e.g. electronic organisers, smart phones, PDAs, or the like.

[0036] The term subscription module comprises modules which may be removably inserted into a communications device, such as a smart card, a SIM card, a USIM card, a wireless identity module (WIM) card, any other suitable integrated circuit card (ICC), or the like. The term subscription module further comprises modules which are physically inseparable from the server communications device.

[0037] The subscription module may be brought into physical contact with, e.g. inserted in, the server communications device, or a communications connection may be established, e.g. by bringing the subscription module into the range of coverage of a wireless communications interface.
[0038] The data communicated between the client and the server communications device may be data stored in the subscription module. The data may be required for registering the client communications device in a cellular network, for establishing a communications connection from the client communications device, e.g. a voice, fax, or data call, hereafter referred to as a "call", for receiving a call from the network directed to a telephone number associated with the subscription module, for authorising payments or other transactions, for accessing functionality or interfaces of the server communications device, or the like. The data may further comprise subscription authorisation data, e.g. a PIN code entered by a user of the client communications device and sent to the server communications device. The data may further comprise address data, phone books, or any other sensitive data related to the subscription module. The communication of data may comprise the transmission of data from the server communications device to the client communications device and/or the transmission of data from the client communications device to the server communications device. Hence, access to the subscription module involves access to the data related to the subscription module, i.e. the transmission of data to the subscription module, the reception of data from the subscription module, or the like.
[0039] The subscription module may be able to au- 
thenticate a number of different client communications 
devices. 

[0040] The present invention can be implemented in different ways including the method described above and in the following, an arrangement, and further methods and product means, each yielding one or more of the benefits and advantages described in connection with the first-mentioned method, and each having one or more preferred embodiments corresponding to the preferred embodiments described in connection with the first-mentioned method and disclosed in the dependent claims.

[0041] It is noted that the features of the method described above and in the following may be implemented in software and carried out in a data processing system or other processing means caused by the execution of computer-executable instructions. The instructions may be program code means loaded in a memory, such as a RAM, from a storage medium or from another computer via a computer network. Alternatively, the described features may be implemented by hardwired circuitry instead of software or in combination with software.
[0042] The invention further relates to a communications system comprising a client communications device and a server communications device including a subscription module, the client and server communications devices each comprising respective communications means for establishing a communications link between the client communications device and the server communications device, and for communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link;

characterised in that the client communications device and the server communications device each comprise respective processing means adapted to provide integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
[0043] The invention further relates to a server communications device including a subscription module, the server communications device comprising communications means for establishing a communications link with a client communications device, and for communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link;
characterised in that the server communications device comprises processing means adapted to provide integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
[0044] The invention further relates to a client communications device for providing access to a subscription module of a server communications device, the client communications device comprising communications means for establishing a communications link with the server communications device including the subscription module, and for communicating a number of messages comprising data related to the subscription module between the client communications device and the server communications device via the communications link;

characterised in that the client communications device comprises processing means adapted to provide integrity protection of the messages communicated between the client communications device and the server communications device via the communications link.

[0045] When the server communications device, the communications means of the server communications device, and the subscription module are physically included in a single unit, a particularly high level of security is provided, as the possibility of data interception and misuse is further reduced. Advantageously, the server communications device, a wireless interface and the subscription module may be implemented as one physically inseparable entity.
[0046] The server communications device may be used as a server device for a number of different client communications devices using the same subscription.
[0047] The term processing means comprises general- or special-purpose programmable microprocessors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), Programmable Logic Arrays (PLA), Field Programmable Gate Arrays (FPGA), special purpose electronic circuits, etc., or a combination thereof.

[0048] The term storage means includes magnetic tape, optical disc, digital video disk (DVD), compact disc (CD or CD-ROM), mini-disc, hard disk, floppy disk, ferro-electric memory, electrically erasable programmable read only memory (EEPROM), flash memory, EPROM, read only memory (ROM), static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), ferromagnetic memory, optical storage, charge coupled devices, smart cards, PCMCIA cards, etc.

[0049] The term communications means comprises any circuit adapted to establish the above mentioned communications link. Examples of such circuits include RF transmitters/receivers, e.g. Bluetooth transceivers, light emitters/receivers, e.g. LEDs, infrared sensors/emitters, ultrasound transducers, etc.
[0050] The above prior art systems involve the problem that, when the subscription module is used for other authentication services in addition to GSM/UMTS, e.g. for WLAN access, etc., the security of the GSM/UMTS access may be compromised by the other services.
[0051] According to another aspect of the invention, the above problem is solved by a method of providing to a client communications device access to a subscription module by a server communications device comprising the subscription module, the method comprising the steps of

establishing a communications link between the client communications device and the server communications device; and

receiving a number of messages from the client communications device by the server communications device via the communications link, the messages addressing the subscription module;

characterised in that the method further comprises the step of determining, for at least one of the received messages, whether the message is authorised to address the subscription module.

[0052] Hence, a filter mechanism is provided in the server communications device which allows a selective access control and a mechanism to restrict or limit access to the subscription module, thereby increasing the security of the subscription module access. Even though the client communications device is authenticated, it is not necessarily authorised to access all the services provided by the subscription module, thereby increasing the security. Only those messages from the client communications device addressing functions and/or data on the subscription module which are authorised by the filter mechanism are accepted and forwarded to the subscription module.

[0053] According to a preferred embodiment, the method further comprises providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link, where the integrity protection is based on a shared secret between the client communications device and the server communications device; and providing an access control list stored in the server communications device in relation to at least one of the shared secret and the client communications device.

[0054] Preferably, the access control list is stored in a protected database, thereby providing a mechanism for storing individual access control lists for different client communications devices in a safe manner. A protected database may, for example, be implemented by storing the data on a special circuit, by providing software-based protection, such as encryption, authentication, etc., or a combination thereof.
[0055] The invention further relates to a server communications device including a subscription module, the server communications device comprising communications means for establishing a communications link with a client communications device, and for receiving a number of messages addressing the subscription module from the client communications device via the communications link;

characterised in that the server communications device comprises processing means for determining, for at least one of the received messages, whether the message is authorised to address the subscription module.
[0056] Preferably, the server communications device comprises storage means for storing an access control list as described above.

[0057] The invention will be explained more fully below in connection with a preferred embodiment and with reference to the drawing, in which:

fig. 1 shows a schematic view of a client communications device and a server communications device according to an embodiment of the invention;

fig. 2 shows a schematic block diagram of a communications system according to an embodiment of the invention illustrating the flow of a message from the client communications device addressing the subscription module of a server communications device;

fig. 3 shows a flow diagram of a secure communications session according to an embodiment of the invention;

fig. 4 shows a flow diagram illustrating the communication of a message from the client to the server communications device;

fig. 5 shows a flow diagram illustrating the communication of a message from the server to the client communications device;

fig. 6 shows a flow diagram of a process of generating a shared secret according to an embodiment of the invention;

fig. 7 illustrates a filter mechanism according to an embodiment of the invention; and

fig. 8 shows a schematic view of a server communications device according to an embodiment of the invention.

[0058] Fig. 1 shows a schematic view of a client communications device and a server communications device according to an embodiment of the invention. The client communications device 106 includes an antenna 113 for communicating via a mobile communications network 114, e.g. a GSM network. The client communications device further comprises circuitry 107 for controlling the communications device, a storage medium 108, a display 111 and a keypad 112, or other user input/output means. For example, the client communications device may be a mobile telephone or another personal communications device, such as a communicator, a PDA, a laptop, a pager, a car phone, or the like. Further examples of a client communications device include a modem, a telefax or other telecommunications equipment. The storage medium 108 may be a memory section of a SIM card comprising EPROM, ROM and/or RAM sections. Alternatively, the storage medium may be another built-in or insertable memory, such as EEPROM, flash memory, ROM, RAM, etc.
[0059] The client communications device further comprises a Bluetooth transceiver 110. Via the Bluetooth transceiver, a local radio link 115 for data transmission can be established between the client communications device and a Bluetooth transceiver 104 of a server communications device 101 when the server communications device is brought into the connection range of the wireless local communication of the client communications device, or vice versa. The server communications device 101 comprises a processing unit 105 and a subscription module 102. In one embodiment, the subscription module is a SIM card comprising a processing unit, a memory including an EPROM section, a ROM section and a RAM section and an input/output port. Hence, the server communications device has direct access to a subscription module and is physically connected to it. The server communications device may grant the client communications device access to the services and files of the subscription module 102. For example, the server communications device may be a mobile telephone or other personal communications equipment. Alternatively, the server communications device may be a special remote access device which only serves as an access server for different client devices. For example, the server communications device may be implemented as a contactless smart card, e.g. a smart card with an integrated wireless communications interface such as a short-range radio interface.

[0060] Hence, the client communications device 106
may access the services and files of the subscription
module 102 of the server communications device 101,
via the radio link 115, and use the access for the
connection to the cellular network 114.
[0061] In the above, two general roles have been
described: A Remote Authentication Access Server (RAA
Server) having direct access to the subscription module,
and a Remote Authentication Access Client (RAA
Client) obtaining remote access to the subscription
module, thereby obtaining access to a number of possible
services. Hence, in the following, the client
communications device will also be referred to as the RAA Client
and the server communications device will be referred
to as the RAA Server. Examples of the functionality,
services and data which may be accessed by the RAA
Client include:

- Register the RAA Client 106 in a cellular network
114 using the subscription module 102 in the RAA
Server 101.

- The RAA client 106 can access data and services
available in the subscription module 102.

- The RAA Server 101 may exercise access control
on what services and data can be accessed by a
RAA Client 106;

- Establish a connection (i.e. a voice, fax, or data
call), hereafter referred to as a "call", from the RAA
Client 106 using the subscription module 102 in the
RAA server 101;

- Receiving a call from the network 114 at the RAA
Client 106.

[0062] On one hand, from a security point of view, it
may be desirable to provide an end-to-end protection
between the RAA client and the subscription module
102. However, such an end-to-end protection would
require a trust relation between the subscription module
and the RAA Client. In many applications such a trust
relation is unfeasible. As mentioned above, the security
offered for the communications link 115 by standard
wireless communications protocols, such as Bluetooth,
does not provide sufficient security for the security
sensitive subscription module access. According to the
invention, the processing units 105 and 107 provide
functionality 103 and 109, respectively, for integrity
protection of the messages sent over the communications
link 115. Hence, it is ensured that the messages have not
been altered during transmission over the air interface 115,
and that the messages were sent from an authorised device.
Preferred embodiments of this functionality will be
described in greater detail below. Furthermore, the
processing unit 105 of the RAA Server provides a filter
mechanism 116 adapted to ensure that access to the
subscription module is only provided to messages
originating from an authorised service, as will be described
in greater detail below.

[0063] Fig. 2 shows a schematic block diagram of a
communications system according to an embodiment of
the invention illustrating the flow of a message from the
client communications device addressing the
subscription module of a server communications device. The
communications system comprises a client
communications device 206 and a server communications device
201 including a subscription module 202.
[0064] As mentioned above, the remote access to the
subscription module by the RAA Client is particularly
security sensitive. Consequently, according to the
invention, each message sent from an application 207 on the
RAA Client to the RAA Server is authenticated by adding
a message authentication code (MAC) to each message
between the RAA Client and the RAA server. Hence, the
RAA Client comprises an integrity protection module
209 for calculating a MAC value and including the
calculated MAC value into the message. Subsequently, the
message is transmitted to the server communications
device by a communications circuit 210 for transmitting
messages via a wireless communications link. In one
embodiment, the communications circuit is a radio
transmitter, such as a Bluetooth transceiver,
implementing the lower levels of a communications stack.
[0065] The RAA server 201 comprises a corresponding
communications circuit 204 for receiving the
transmitted message. The received message is fed into an
integrity protection module 203 for authenticating the
received message by calculating a MAC value and
comparing it to the MAC value that was included in the
message, as will be described in greater detail below. If the
authentication fails, the message is rejected; otherwise
the message is forwarded to a server subscription
module access module 205 which implements a filter
mechanism for limiting access to the subscription module 202
to authorised applications. The server subscription
module access module 205 has access to a protected
database 208 which comprises identification data and
corresponding access control lists for use by the filter
mechanism. A preferred embodiment of such a filter
mechanism will be described in greater detail below. If
the message is authenticated and if the filter mechanism
has granted access to the subscription module, the
message is forwarded to the subscription module 202
for processing.

[0066] If, for example, the message comprises a
request for data, a response message is returned to the
application 207 via the integrity protection circuit 203
which calculates a MAC value and includes it into the
response message. The message is then communicated
via communications circuits 204 and 210 to the RAA
Client where the MAC value is checked by the integrity
protection circuit 209 prior to forwarding the response
message to the requesting application 207.
[0067] It is noted that the calculation of the MAC
codes in the integrity protection modules 209 and 203
takes the message to be authenticated and a secret key
as inputs. Hence, the integrity protection modules 209
and 203 have access to a shared secret stored in the
RAA client 206 and the RAA server 201, respectively.
Preferably, in order to prevent replay attacks, the shared
secret is refreshed at each new communications
session.



[0068] It is noted that the integrity protection modules
209 and 203 as well as the server subscription module
access module 205 may be implemented in software by
suitably programming general- or special-purpose
programmable microprocessors, Application Specific
Integrated Circuits (ASIC), Programmable Logic Arrays
(PLA), Field Programmable Gate Arrays (FPGA),
special purpose electronic circuits, etc., or a combination
thereof.

[0069] Fig. 3 shows a flow diagram of a secure
communications session according to an embodiment of the
invention. Fig. 3 illustrates the steps performed in the
client communications device 300 and in the server
communications device 310, respectively.

[0070] In an initial step 301, a communications
session over a wireless communications link is initiated
including authenticating the two devices using a suitable
short-range wireless authentication mechanism, e.g. via
the authentication mechanisms provided by the wireless
communications protocol used, such as Bluetooth,
IEEE 802.1X, or the like. Preferably, if present,
encryption of the wireless link is switched on during session
set-up.

[0071] In step 312, the server communications device
301 generates a random number, RAND, and sends this
number to the client communications device 300, via the
wireless link. The server communications device 301
further stores the random number in internal memory
315 for use in the subsequent steps. The client
communications device receives the random number in step
302 and stores it in internal memory 305 for subsequent
use.

[0072] In alternative embodiments, the random
number may be generated by the client communications
device instead, or a part of the random number may be
generated by the client communications device and
another part may be generated by the server
communications device. The two random values are then combined
to produce the value actually used as input for the later
calculations.

[0073] In step 303, the client communications device
uses the received random number as one of the input
parameters to a pseudo random function ALG1. The
second input parameter is a shared secret Km (306)
which is known to both the client and the server
communications device. Examples of methods for creating
the shared secret will be described in connection
with fig. 6. The pseudo random function ALG1
generates a session key Ks (307) to be used for the integrity
protection of the messages that are subsequently
exchanged between the client and server communications
devices. The algorithm ALG1 may be any suitable
method for generating pseudo random numbers, preferably
an algorithm which generates a random number that is
unpredictable or at least not feasible to predict. An
example of such an algorithm is a pseudo random function
based on a one way hash function such as the HMAC
algorithm described in H. Krawczyk, M. Bellare, R.
Canetti, "HMAC: Keyed-Hashing for Message
authentication", IETF RFC 2104 (obtainable on
http://www.ietf.org/rfc/rfc2104).

[0074] Correspondingly, in step 313, the server
communications device uses the generated random number
RAND (315) as one of the input parameters to the
pseudo random function ALG1. The second input parameter
is the shared secret Km (316) known to both the client
and the server communications device. As for the client
device, the pseudo random function ALG1 generates a
session key Ks (317) to be used by the server
communications device for the integrity protection of the
messages subsequently exchanged between the client and
server communications devices.
[0075] In steps 304 and 314 messages are
communicated between the client communications device 300
and the server communications device 310, where
each message is integrity protected based on the
generated session key Ks. Authenticated messages
directed towards the subscription module are forwarded by
the server communications device to the subscription
module 318, thereby providing to the client
communications device 300 access to the subscription module 318.
A method of integrity protecting the communicated
messages will be described in greater detail in connection
with figs. 4 and 5.

[0076] Fig. 4 shows a flow diagram illustrating the
communication of a message from the client
communications device 300 to the server communications device
310. Hence, in one embodiment, the steps of fig. 4 are
performed as respective sub-processes of the steps 304
and 314 of fig. 3.

[0077] Initially, in step 401 the value of a counter 410
is included in the message, and the counter is
incremented.

[0078] In step 402, in the client communications
device a message authentication code (MAC) is calculated
for the message 411 to be sent and the counter value.
The MAC algorithm receives the message 411, the
counter, and the session key Ks (307) as inputs. The
generation of the session key Ks as a shared secret
between the client and the server communications devices
is described above. The MAC algorithm used to
calculate the MAC may be any suitable MAC algorithm,
preferably a cryptographically strong MAC algorithm. An
example of such a MAC algorithm providing a high level
of security is the HMAC algorithm (see e.g. H. Krawczyk,
M. Bellare, R. Canetti, "HMAC: Keyed-Hashing for
Message authentication", IETF RFC 2104, obtainable on
http://www.ietf.org/rfc/rfc2104). The calculated MAC
value is included in, e.g. appended or prepended to, the
message.

[0079] In step 403, the resulting message 412
comprising the original message M, the calculated MAC, and
the counter CNT1 is transmitted to the server
communications device via the wireless link.
[0080] In step 404, the server communications device
310 receives the combined message 412 and, in step
405, a MAC value is calculated based on the received
message M including the counter value CNT1, and the
session key Ks (317). The calculated MAC value is
compared to the received MAC value in order to verify the
integrity of the message. If the two MAC values match,
the message is accepted, otherwise it is rejected.
[0081] In step 406, it is verified whether the received
counter value CNT1 has a valid value given the value
of an internal counter 411 maintained by the server
communications device. For example, a counter value may
be accepted, if the received counter value is larger than
the internal counter value and smaller than the internal
value plus a predetermined increment. If the two counter
values do not match the message is rejected; otherwise
the message is accepted and the internal counter 411
is incremented according to the received counter value.
[0082] It is noted that, alternatively, the order of the
verification steps 405 and 406 may be reversed. In the
flow diagram of fig. 4, this is illustrated by only depicting
an overall decision step 407, where the message is
accepted (step 408) only if both the MAC value and the
counter value are successfully verified. In this case the
message may be forwarded to the subscription module.
Otherwise the message is rejected (step 409).
Preferably, access to the subscription module is subject to a
further filter mechanism, as will be described below, in
order to further increase the protection of the
subscription module.

[0083] Fig. 5 shows a flow diagram illustrating the
communication of a message from the server
communications device 310 to the client communications
device 301. Hence, the flow of fig. 5 corresponds to the
reverse flow of fig. 4:

[0084] In step 501 the value of a counter CNT2 (511)
is included in the message, and the counter CNT2 is
incremented.

[0085] In step 502, in the server communications
device a MAC is calculated for the message 512 to be sent
and the counter value CNT2, as described above. The
MAC algorithm receives the message 512, the counter
value CNT2, and the session key Ks (317) as inputs.
The calculated MAC value is included in the message.
[0086] In step 503, the resulting message 513
comprising the original message M, the calculated MAC, and
the counter CNT2 is transmitted to the client
communications device via the wireless link.
[0087] In step 504, the client communications device
301 receives the combined message 513 and, in step
505, the received MAC value is verified against a MAC
value calculated based on the received message M and
the session key Ks (307).

[0088] In step 506, it is verified whether the received
counter value CNT2 has a valid value given the value
of an internal counter 510 maintained by the client
communications device. If the two counter values do not
match the message is rejected; otherwise the message
is accepted and the internal counter 510 is incremented
according to the received counter value.
[0089] Hence, as illustrated by the overall decision
507, the message is accepted (step 508) only if both the
MAC value and the counter value are successfully
verified. Otherwise the message is rejected (step 509).
[0090] Fig. 6 shows a flow diagram of a process of
generating a shared secret according to an embodiment
of the invention. According to this embodiment, the
wireless communications link is a Bluetooth link.
[0091] In the initial step 601 a Bluetooth pairing is
performed between the client communications device 301
and the server communications device 310 (see
"Baseband Specification" in "Specification of the Bluetooth
System, Core, Version 1.1", Bluetooth Special Interest
Group, February 2001) resulting in a Bluetooth link key
shared between the client and the server
communications devices. The link key is derived from a PIN that
should be entered by the user(s) of the devices. The link
key is subsequently used to produce an encryption key
that is used to protect Bluetooth communication. The
generated link key is stored in internal memory 606 and
616 of the client and the server communications
devices, respectively.

[0092] In step 612, the server communications device
301 generates a random number, RAND, and sends this
number to the client communications device 300, via the
wireless link. The server communications device 301
further stores the random number in internal memory
615 for use in the subsequent steps. The client
communications device receives the random number in step
602 and stores it in internal memory 605 for subsequent
use.

[0093] In step 603, the client communications device
uses the received random number as one of the input
parameters to a pseudo random function ALG2. The
second input parameter is the above link key 606. The
pseudo random function ALG2 generates a shared
secret Km (306) to be used for generating secret session
keys according to fig. 3. The algorithm ALG2 may be
any suitable method for generating pseudo random
numbers, preferably an algorithm which generates a
random number which is unpredictable or at least
infeasible to predict. An example of such an algorithm is a
pseudo random function based on a one way hash
function such as the HMAC algorithm described in H.
Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-Hashing for
Message authentication", IETF RFC 2104 (obtainable
on http://www.ietf.org/rfc/rfc2104).
[0094] Correspondingly, in step 613, the server
communications device uses the generated random number
RAND (615) as one of the input parameters to the
pseudo random function ALG2. The second input parameter
is the link key 616. As for the client device, the pseudo
random function ALG2 generates the shared secret
(316).

[0095] In step 614, the server communications device
stores the information relating to the client
communications device in a protected database 616. In one
embodiment, the information comprises an identifier identifying
the client communications device, the shared secret Km,
and an access control list including the services of the
subscription module which the communications device
should be granted access to. Hence, in step 614, the
server communications device selects the set of services
provided by the subscription module that the client
communications device or a client application should be
allowed to access. For example, the set of services may
be a default set, a set of services selected by the user
during, or a set selected according to another criterion. By
storing this information in a database, a filter
mechanism may access this information and provide selective
access to the subscription module. An embodiment of
such a filter mechanism will be described below.
Preferably, the database 616 is protected against
unauthorised access, e.g. by storing it in a special protected
circuit, by a software protection such as encryption or
authentication, or the like.

[0096] It is noted that in alternative embodiments
using a communications protocol other than Bluetooth, a
corresponding process may be performed using a
shared secret established during an initial pairing
procedure between the server and client communications
devices.

[0097] Hence, in the above a method is described for
deriving a shared secret from a Bluetooth link key or a
corresponding key in another protocol.
[0098] Alternatively, the shared secret may be
obtained in a different way. For example, the shared secret
may be derived from a secure pairing protocol. The
pairing may be performed using a secure key exchange
mechanism based on public key certificates, on a user
PIN input, or the like. If a PIN based method is used, the
user is requested to enter a password into at least one
of the devices. Examples of highly secure PIN based
methods are described in C. Gehrmann and K. Nyberg:
"Enhancements to the Bluetooth Baseband security", in
Proceedings of the NordSec Conference 2001, 1-2 Nov.
2001, DTU, Denmark.
[0099] Hence, in the above user-friendly and, at the
same time, secure ways of obtaining a shared secret
between the RAA Client and the RAA Server have been
described.

[0100] Fig. 7 illustrates a filter mechanism according
to an embodiment of the invention. Fig. 7 illustrates the
steps performed by the server communications device
upon receipt of a message from the client
communications device. The steps 404-406 of receiving the
message, verifying a MAC value, and checking a counter,
respectively, have been described in connection with fig.
4. If the received message is accepted (step 407), and
if the message attempts to access a service provided
by the subscription module, the message is passed to
a server subscription module application which
implements a filter mechanism. In step 701, the server
subscription module application sends a query to the
access control database 616 described in connection with
fig. 6. The query comprises the ID of the requesting RAA
client. In one embodiment, the query further includes an
identification of the requesting client application,
thereby providing a more fine-grained access control, as
some applications on a given device may obtain other
access rights than other applications on the same
device. The database returns the corresponding list of
accepted services for that particular RAA client to the
server subscription module application. In step 702, the
server subscription module application checks whether
the requested service should be granted to the
requesting client. If so, the RAA client request is forwarded to
the subscription module 318 (step 704); otherwise the
request is rejected.

[0101] Hence, the above filter mechanism protects
the subscription module against unauthorised access
by restricting access to the subscription module. Only
selected clients have access to selected services. In
particular, access to security sensitive functions may be
limited while providing a wider access to other functions.
This is a particular advantage, if a SIM card is used for
other authentication services than GSM/UMTS. In such a
scenario, the above method prevents the security of the
GSM/UMTS access from being compromised by other
services.
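
The server-side receive path described for figs. 3, 4 and 7 (session key from RAND and the shared secret, MAC over counter and message, counter window, then the access control list), written out as an added Python example that is not part of the patent text. HMAC-SHA-256, the 8-byte counter field, the window of 16, the initial counter values, the "service name first" message layout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32      # HMAC-SHA-256 tag size; the hash choice is an assumption
CNT_WINDOW = 16   # "predetermined increment" of step 406; value is an assumption


def prf(key: bytes, data: bytes) -> bytes:
    """ALG1 and the MAC, both instantiated as HMAC (RFC 2104) over SHA-256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(session_key: bytes, counter: int, message: bytes) -> bytes:
    """Steps 401-402: frame = CNT (8 bytes) || M || MAC(session key, CNT || M)."""
    body = struct.pack(">Q", counter) + message
    return body + prf(session_key, body)


class RaaClient:
    def __init__(self, shared_secret: bytes, rand: bytes):
        self.session_key = prf(shared_secret, rand)   # step 303
        self.counter = 1                              # assumed initial value

    def send(self, message: bytes) -> bytes:
        frame = protect(self.session_key, self.counter, message)
        self.counter += 1
        return frame


class RaaServer:
    def __init__(self, database: dict):
        # Protected database: client ID -> (shared secret, allowed services).
        self.database = database
        self.sessions = {}   # client ID -> [session key, internal counter]

    def start_session(self, client_id: str) -> bytes:
        """Steps 312-313: pick RAND, derive the session key, reset the counter."""
        rand = os.urandom(16)
        shared_secret, _ = self.database[client_id]
        self.sessions[client_id] = [prf(shared_secret, rand), 0]
        return rand

    def receive(self, client_id: str, frame: bytes):
        """Steps 404-407 and 701-702. Returns (accepted, service or reason)."""
        session = self.sessions.get(client_id)
        if session is None or len(frame) < 8 + MAC_LEN:
            return False, "malformed"
        session_key, internal = session
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        # Step 405: recompute the MAC over counter and message and compare in
        # constant time. Nothing in the frame is trusted before this passes.
        if not hmac.compare_digest(prf(session_key, body), tag):
            return False, "bad MAC"
        # Step 406: accept only internal < CNT < internal + window.
        (counter,) = struct.unpack(">Q", body[:8])
        if not internal < counter < internal + CNT_WINDOW:
            return False, "bad counter"
        session[1] = counter
        # Steps 701-702: default-deny lookup in the client's access control list.
        service = body[8:].split(b" ", 1)[0].decode("ascii", "replace")
        if service not in self.database[client_id][1]:
            return False, "service not allowed"
        return True, service


def demo() -> dict:
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    server = RaaServer({"phone-1": (secret, {"gsm_auth"})})      # constructed ACL
    client = RaaClient(secret, server.start_session("phone-1"))

    first = client.send(b"gsm_auth 0a0b0c0d")
    second = client.send(b"gsm_auth 01020304")
    forged_counter = struct.pack(">Q", 9) + first[8:]   # counter changed, no key
    tampered = second[:8] + b"G" + second[9:]           # one message byte changed
    return {
        "fresh": server.receive("phone-1", first),
        "replay": server.receive("phone-1", first),
        "forged_counter": server.receive("phone-1", forged_counter),
        "tampered": server.receive("phone-1", tampered),
        "too_far_ahead": server.receive(
            "phone-1", protect(client.session_key, 500, b"gsm_auth 00")),
        "denied_service": server.receive("phone-1", client.send(b"phonebook read")),
        "next_ok": server.receive("phone-1", client.send(b"gsm_auth 05060708")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result}")
```

Because the counter is inside the MAC input, rewriting the counter field of a captured frame fails at the MAC check, while an unmodified replay passes the MAC and is stopped only by the counter comparison.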

[0102] Fig. 8 shows a schematic view of a modular
server communications device according to an
embodiment of the invention. The server communications
device comprises a base module 801 with a subscription
module 802. The base module 801 provides interfaces
804 and 806 to a user interface module 808 and a radio
interface module 805. The user interface may provide a
display for providing a graphical user interface and/or a
keypad, a pointing device, or the like. The radio interface
unit may comprise a radio transmitter/receiver and an
aerial for connecting to a cellular network, a short-range
radio transceiver and/or other wireless interfaces. The
interfaces 804 and 806 may be implemented as plug-in
interfaces, e.g. using a standard such as USB or the like.
Alternatively, the interfaces may be contact-free
interfaces e.g. based on electromagnetic radiation, such as
infrared or a radio link, e.g. using the Bluetooth technology
or other short-range wireless communications
technologies. The data communication via the interface 804
and/or the interface 806 may use a proprietary or a
standard protocol. For example the base module may
be implemented as a smart card, e.g. a smart card
having an integrated radio interface. In another
embodiment, the base module may be implemented as a unit
providing the interfaces 804 and 806 and including a
subscription module, e.g. as a removably insertable
unit, such as a smart card.

[0103] It should be noted that the above-mentioned
embodiments illustrate rather than limit the invention,
and that those skilled in the art will be able to design
many alternative embodiments without departing from
the scope of the appended claims.
[0104] For example, even though the invention has
primarily been described in connection with a Bluetooth
wireless communications link, the scope of the invention
is not restricted to Bluetooth communications. It is
understood that the invention may also be applied in
connection with other communications links between the
client and server communications devices. For example
the invention may be applied to other wireless
communications links, such as an electro-magnetic, magnetic
or inductive link. Examples of electro-magnetic links
include radio-frequency links, optical links, infrared links,
microwave links, ultra sound links, or the like.



Claims 

1. A method of providing to a client communications
device access to a subscription module of a server
communications device, the method comprising the
steps of

- establishing (301) a communications link
between the client communications device (300)
and the server communications device (310);
and

- communicating (304;403,404) a number of
messages (M) comprising data related to the
subscription module (318) between the server
communications device and the client
communications device via the communications link;

characterised in that the method further comprises
the step of providing (402,405) integrity
protection of the messages communicated between the
server communications device and the client
communications device via the communications link.

2. A method according to claim 1, characterised in
that the step of providing integrity protection further
comprises calculating, based on a secret session
key, a respective message authentication code for
each of the communicated messages; and
including the calculated message authentication code
into the corresponding communicated message.

3. A method according to claim 2, characterised in
that the step of establishing a communications link
between the client and server communications
devices comprises determining a secret session key
based on a shared secret between the server and
client communications devices.

4. A method according to claim 3, characterised in
that the method further comprises providing the
shared secret by performing a secure pairing
procedure including receiving a passcode by at least
one of the client communications device and the
server communications device.

5. A method according to claim 4, characterised in
that the passcode is at the most 48 bits long.

6. A method according to claim 3, characterised in
that the communications link has a secret link key
related to it and the method further comprises
providing the shared secret by calculating the shared
secret using the secret link key as an input.

7. A method according to any one of claims 2 through
6, characterised in that the method further
comprises

- incorporating a value of a first counter in each
of the messages communicated from the client
communications device to the server
communications device, the first counter being
indicative of the number of messages communicated
from the client communications device to the
server communications device; and

- incorporating a value of a second counter in
each of the messages communicated from the
server communications device to the client
communications device, the second counter
being indicative of the number of messages
communicated from the server communications
device to the client communications device;

and the step of calculating a respective message
authentication code for each of the communicated
messages comprises calculating a message
authentication code for each of the communicated
messages and the corresponding counter value.

8. A method according to any one of claims 1 through
7 characterised in that the method further
comprises determining, for the messages communicated
from the client communications device to the
server communications device, whether the
message is authorised to address the subscription
module.

9. A method according to claim 8, characterised in
that the method further comprises providing a
shared secret between the client communications
device and the server communications device; and
providing an access control list stored in the server
communications device in relation to at least one of
the shared secret and the client communications
device.

10. A communications system comprising a client
communications device (106,206) and a server
communications device (101,201) including a subscription
module (102;202), the client and server
communications devices each comprising respective
communications means (110,104;204,210) for
establishing a communications link (115) between the
client communications device and the server
communications device, and for communicating a number
of messages comprising data related to the
subscription module between the server communications
device and the client communications device
via the communications link;
characterised in that the client communications
device and the server communications device each
comprise respective processing means (105,107;
203,209) adapted to provide integrity protection of
the messages communicated between the server
communications device and the client
communications device via the communications link.

11. A server communications device including a
subscription module, the server communications
device comprising communications means for
establishing a communications link with a client
communications device, and for communicating a number
of messages comprising data related to the
subscription module between the server communications
device and the client communications device
via the communications link;
characterised in that the server communications
device comprises processing means adapted to
provide integrity protection of the messages
communicated between the server communications
device and the client communications device via the
communications link.

12. A client communications device for providing access
to a subscription module of a server communications
device, the client communications device comprising
communications means for establishing a communications
link with the server communications device including the
subscription module, and for communicating a number of
messages comprising data related to the subscription
module between the client communications device and the
server communications device via the communications link;

characterised in that the client communications device
comprises processing means adapted to provide integrity
protection of the messages communicated between the client
communications device and the server communications device
via the communications link.

13. A method of providing to a client communications
device access to a subscription module by a server
communications device comprising the subscription module,
the method comprising the steps of

establishing (301) a communications link between the
client communications device (300) and the server
communications device (310); and

receiving (404) a number of messages from the client
communications device by the server communications device
via the communications link, the messages addressing the
subscription module (318);

characterised in that the method further compris- 
es the step of determining (701), for at least one of 
the received messages, whether the message is 
authorised to address the subscription module. 

14. A method according to claim 13, characterised in 
that the method further comprises providing integ- 
rity protection of the messages communicated be- 
tween the server communications device and the 
client communications device via the communications
link, where the integrity protection is based on
a shared secret between the client communications 
device and the server communications device; and 
providing an access control list stored in the server 
communications device in relation to at least one of 
the shared secret and the client communications 
device. 

15. A method according to claim 14, characterised in 
that the access control list is stored in a protected
database. 

16. A method according to claim 14 or 15, character- 
ised in that the method further comprises calculat- 
ing, based on a secret session key, a respective 
message authentication code for each of the com- 
municated messages; and including the calculated 
message authentication code into the correspond- 
ing communicated message. 

17. A method according to claim 16, characterised in
that the step of establishing a communications link
between the client and server communications devices
comprises determining the secret session key
based on said shared secret between the server 
and client communications devices. 

18. A method according to claim 17, characterised in 
that the method further comprises providing the 
shared secret by performing a secure pairing procedure
including receiving a passcode by at least
one of the client communications device and the 
server communications device. 

19. A method according to claim 18, characterised in 
that the passcode is at the most 48 bits long. 

20. A method according to claim 18, characterised in
that the communications link has a secret link key 
related to it and the method further comprises pro- 
viding the shared secret by calculating the shared 
secret using the secret link key as an input. 
21. A method according to any one of claims 14 through
20, characterised in that the method further comprises

- incorporating a value of a first counter in each of the
  messages communicated from the client communications
  device to the server communications device, the first
  counter being indicative of the number of messages
  communicated from the client communications device to
  the server communications device; and
- incorporating a value of a second counter in each of the
  messages communicated from the server communications
  device to the client communications device, the second
  counter being indicative of the number of messages
  communicated from the server communications device to
  the client communications device; and the step of
  calculating a respective message authentication code for
  each of the communicated messages comprises calculating
  a message authentication code for each of the
  communicated messages and the corresponding counter
  value.

22. A server communications device including a
subscription module, the server communications device
comprising communications means for establishing a
communications link with a client communications device,
and for receiving a number of messages addressing the
subscription module from the client communications device
via the communications link;

characterised in that the server communications device
comprises processing means for determining, for at least
one of the received messages, whether the message is
authorised to address the subscription module.
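
The server-side checks recited in claims 13, 14, 16, 17 and 21, as an added Python sketch that is not part of the patent text: a session key derived from the shared secret, a MAC over each message together with its counter, and an access control list lookup before a message may address the subscription module. Assumptions: HMAC-SHA256 serves as both MAC and key derivation, the counter is 32 bits, the client identifier and command names are hypothetical, and only the client-to-server (first) counter is shown.

```python
import hashlib
import hmac
import os
import struct

def derive_session_key(shared_secret: bytes, nonce: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 of a per-link nonce under the shared secret.
    return hmac.new(shared_secret, b"session" + nonce, hashlib.sha256).digest()

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    # Message layout (assumed): counter || payload || MAC(counter || payload).
    body = struct.pack(">I", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Server:
    def __init__(self, key: bytes, client_id: str, acl: dict):
        self.key, self.client_id, self.acl = key, client_id, acl
        self.expected = 0  # first counter: client-to-server messages accepted

    def receive(self, message: bytes) -> str:
        if len(message) < 4 + 32:
            return "reject: malformed"
        body, tag = message[:-32], message[-32:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return "reject: bad MAC"
        (counter,) = struct.unpack(">I", body[:4])
        if counter != self.expected:  # replayed, dropped or reordered message
            return "reject: counter"
        self.expected += 1
        command = body[4:].split(b" ", 1)[0].decode("ascii", "replace")
        if command not in self.acl.get(self.client_id, set()):
            return "reject: not authorised"
        return "forward: " + command

def demo() -> list:
    # Constructed sample: random secret and nonce, hypothetical client and commands.
    key = derive_session_key(os.urandom(16), os.urandom(16))
    server = Server(key, "headset-1", {"headset-1": {"READ_IMSI"}})
    m0 = protect(key, 0, b"READ_IMSI")
    tampered = bytearray(protect(key, 1, b"READ_IMSI"))
    tampered[5] ^= 1  # flip one payload bit in transit
    return [
        server.receive(m0),               # valid MAC, counter 0, allowed by ACL
        server.receive(m0),               # same bytes again: stale counter
        server.receive(bytes(tampered)),  # MAC no longer matches
        server.receive(protect(key, 1, b"RUN_GSM_ALGORITHM 00")),  # not in ACL
    ]
```

The last case carries a valid MAC and the right counter, so integrity protection alone would accept it; only the access control list stops it from reaching the subscription module.
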
1. Claims: 1-12

method and system for providing to a client communications 
device access to a subscription module of a server 
communications device, comprising providing integrity 
protection of the messages communicated between the server 
and the client. 



2. Claims: 13-22 

method and system for providing to a client communications 
device access to a subscription module of a server 
communications device, comprising determining whether at 
least one of the messages between client and server is
authorized to address the subscription module 